reNgine
reNgine is a web application reconnaissance suite with a focus on a highly configurable, streamlined recon process via Engines, recon data correlation, continuous monitoring, recon data backed by a database, and a simple yet intuitive user interface. With features such as sub-scans, deeper correlation, and report generation, reNgine aims to fill the gap left by traditional recon tools and is probably a better alternative to existing commercial tools.
https://github.com/yogeshojha/rengine
DOCKER!!!!
Features
- Reconnaissance: Subdomain Discovery, IP and Open Ports Identification, Endpoints Discovery, Directory and Files fuzzing, Screenshot gathering, Vulnerability scan using Nuclei, WHOIS Identification, WAF Detection etc.
- Highly configurable YAML-based Scan Engines
- Support for Parallel Scans and Subscans
- Automatically report Vulnerabilities to HackerOne
- Recon Data visualization
- OSINT Capabilities (Meta info Gathering, Employees Gathering, Email Addresses with an option to look up passwords in the leaked database, dorks, etc.)
- Customizable Alerts/Notifications on Slack, Discord, and Telegram
- Perform advanced query lookups using natural-language-like and, or, not operations
- Recon Notes and Todos
- Clocked Scans (Run reconnaissance exactly at X Hours and Y minutes) and Periodic Scans (Runs reconnaissance every X minutes/hours/days/week)
- Proxy Support
- Screenshot Gallery with Filters
- Powerful recon data filtering with autosuggestions
- Recon Data changes, find new/removed subdomains/endpoints
- Tag targets into the Organization
- Identify Interesting Subdomains
- Custom GF patterns and custom Nuclei Templates
- Edit tool-related configuration files (Nuclei, Subfinder, Naabu, amass)
- Add external tools from Github/Go
- Interoperable with other tools, Import/Export Subdomains/Endpoints
- Import Targets via IP and/or CIDRs
- Report Generation
- Toolbox: Comes bundled with most commonly used tools such as whois lookup, CMS detector, CVE lookup, etc.
- Identification of related domains and related TLDs for targets
- Find actionable insights such as Most Common Vulnerability, Most Common CVE ID, Most Vulnerable Target/Subdomain, etc.
reNgine does not support custom dorks as of now; support is provided for these dorks:
supported options for dork
- stackoverflow
- 3rdparty
- social_media
- project_management
- code_sharing
- config_files
- jenkins
- wordpress_files
- cloud_buckets
- php_error
- exposed_documents
- struts_rce
- db_files
- traefik
- git_exposed
gf_patterns
You can now use gf patterns on the gathered URLs. The supported options are any combination of these patterns.
gf_patterns available options
- debug_logic
- idor
- img-traversal
- interestingEXT
- interestingparams
- interestingsubs
- jsvar
- lfi
- rce
- redirect
- sqli
- ssrf
- ssti
- xss